The High Assurance Internet Protocol Interoperability Specification (hereinafter referred to as “HAIPE”) is a standard protocol for secure communication specified by the National Security Agency. A red/black architecture 100, as illustrated in FIG. 1, is commonly implemented for securely communicating data. A red-side router 102, also referred to as an inner tunnel, provides access to applications and routes data traffic such as voice, video, email, and web in the form of red signals, or plaintext form. A black-side router 106, or an outer tunnel, encrypts the data traffic, using the Advanced Encryption Standard, for example, before the data traffic goes out to a transport network 108 such as the public Internet, a commercial SATCOM network, or a private satellite, and onto a secure network 110. In order to comply with HAIPE, the red/black architecture 100 further includes an NSA-certified HAIPE encryption device 104 for providing further encryption and security, based on an algorithm approved by the NSA, before data is sent to the red-side router.
Requiring a HAIPE encryption device 104, however, results in an increase in cost, size, weight, and power requirements for a red/black architecture 100, which may not be feasible when implementing a secure communication infrastructure. In addition, requiring an NSA-approved HAIPE encryption device 104 may be perceived as a complex requirement and difficult to implement, which may deter such secure communication infrastructure implementations. Also, it may not be feasible to implement HAIPE-compliant communications solutions using commercially available products. Thus, it may be beneficial to be able to remove the HAIPE encryption device 104 while still maintaining compliance with the NSA's HAIPE protocol for secure communication.
As a result, the NSA is developing new ways to leverage emerging technologies to deliver more timely solutions for rapidly evolving customer requirements. The NSA's Commercial Solutions for Classified (hereinafter referred to as “CSfC”) Program has been established to enable commercial products to be used in layered solutions protecting classified NSA data. This will provide the ability to securely communicate based on commercial standards in a solution that can be implemented in a more timely manner.
FIG. 2 illustrates an example CSfC architecture 200 in which the red-side router 202 now provides the second layer of encryption that was previously provided by the HAIPE encryption device 104 (now removed).